CVE-2006-4965
Date: (C)2006-09-24   (M)2023-12-22


Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018687
SREASON-1631
http://www.securityfocus.com/archive/1/archive/1/446750/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/453756/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/479179/100/0/threaded
BID-20138
SECUNIA-22048
SECUNIA-27414
ADV-2007-3155
APPLE-SA-2007-03-05
VU#751808
http://docs.info.apple.com/article.html?artnum=305149
http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox
http://www.gnucitizen.org/blog/backdooring-mp3-files/
http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up

CPE    1
cpe:/a:apple:quicktime:7.1.3
CWE    1
CWE-94

© SecPod Technologies